About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Publication
DSA 2018
Conference paper
Generating permission-based security policies
Abstract
For access control in Java or.NET web applications, methods on the runtime stack are examined by the runtime systems for granted permissions, to prohibit from executing untrusted codes. There are quite limited research work on automatically generating security policies for configuring application components. In practice, configuring a security policy of web applications almost relies on the expertise of developers. In this work, we present an approach to automatically generating permission-based security policies for Java applications to pass the runtime authorization. Our technique is based on context-sensitive static proram analysis in the framework of conditional weighted pushdown systems. To tackle with the challenges of access rights analysis such as to statically identify permissions to be examined at stack inspection points, we propose to apply a uniform abstract interpretation of program calling contexts which are used to glue various analysis modules involved in access rights analysis including points-to analysis, string analysis and policy generation analysis. As a result, we can statically identify relevant permissions at the stack inspection sites and perform context-sensitive policy generation analysis.